Skip to content

vulncheck-oss/go-exploit

Repository files navigation

go-exploit: Go Exploit Framework

Go Go Report Card

go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. The framework was developed to simplify large scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulncheck-oss/go-exploit.

Go Exploit Phases

The Go Exploit Framework includes the following Phases which can be chained or executed independently:

Go Exploit Features

The Go Exploit Framework includes these additional features:

Examples

  • CVE-2023-22527: Three go-exploit implementations taking unique approaches to Atlassian Confluence CVE-2023-22527.
  • CVE-2023-25194: Demonstrates exploiting CVE-2023-25194 against Apache Druid (using Kafka).
  • CVE-2023-46604: Demonstrates exploiting CVE-2023-46604 and using the go-exploit HTTPServeFile c2.
  • CVE-2023-36845: Scans for Juniper firewalls to determine if they are vulnerable to CVE-2023-36845.
  • CVE-2023-51467: A go-exploit implementation of CVE-2023-51467 that lands a Nashorn reverse shell.

Contributing

Community contributions in the form of issues and features are welcome. When submitting issues, please ensure they include sufficient information to reproduce the problem. For new features, provide a reasonable use case, appropriate unit tests, and ensure compliance with our .golangci.yml without generating any complaints.

Please also ensure that linting comes back clean, and all tests pass.

golangci-lint run --fix
go test ./...

License

go-exploit is licensed under the Apache License, Version 2.0. For more details, refer to the LICENSE file.